CVE-2022-45822: WordPress Advanced Booking Calendar plugin <= 1.7.1 - Unauth. SQL Injection (SQLi) vulnerability - Patchstack

Solution

No patched version is available. No reply from the vendor.

minhtuanact discovered and reported this SQL Injection vulnerability in WordPress Advanced Booking Calendar Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information and creating new administrator accounts. This vulnerability has not been known to be fixed yet.

4 other known vulnerabilities for this pluginTo plugin page

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more